Customizing statics and visualization for the user...

karthickmoorthy · ‎04-03-2014

Hi,

I have 4 event filed in a single line, now I need to filter the top 200 event for a particular event filed , which I can do by using " | top=200 ", mu main problem is in the statics and visualization it showing only the event and their count, I would like to have all the remaining 3 event filed which comes with it the data.

In the Table I would like to use the filter is it possible ??? like ordering..??

Thanks in advance.

karthickmoorthy · ‎04-03-2014

@somesoni2

host=PDT DataTag=HistoryData "Scanned_Network: .Channel"=44| top limit=200 "Scanned_Network: .SSID"

In statics and visualization it providing only SSID,count,percentage. I dont want percentage instead of that I want other event fields. and I also would like to know how to customize the visualization graph.. example instead of count I would like to have event field.

somesoni2 · ‎04-03-2014

Try something like this

<your base search> [search <your base search> | top limit=200 fieldX | table fieldX] |...remaning search

The subsearch will eliminate other values of fieldX which are not part of top 200.

karthickmoorthy · ‎04-03-2014

Hi
host=PDT DataTag=HistoryData [ search host=PDT DataTag=HistoryData | top limit=200 Scanned_Network: .SSID | table Scanned_Network: .SSID] It returns no result, I am sure there is a data. at all time.
My doubt is when I use the top command it will table only one field in statics and visualization, How to add other fields in statics ??

somesoni2 · ‎04-03-2014

can your provide your current search (before applying top command)?

Customizing statics and visualization for the user given filter

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor